Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Pubcookie authentication for BrowserCMS

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 app
Octocat-spinner-32 lib
Octocat-spinner-32 .gitignore
Octocat-spinner-32 COPYRIGHT
Octocat-spinner-32 GPL
Octocat-spinner-32 Gemfile
Octocat-spinner-32 LGPL
Octocat-spinner-32 README.markdown
Octocat-spinner-32 Rakefile
Octocat-spinner-32 bcms_pubcookie.gemspec
README.markdown

bcms_pubcookie

This is a BrowserCMS 3.3.x module for using Pubcookie authentication. It replaces the standard BrowserCMS authentication and login.

Prerequisites:

Installation

Add bmcs_pubcookie to your Gemfile

gem 'bcms_pubcookie', :git => 'git://github.com/jamezilla/bcms_pubcookie.git'

Run 'bundle install'

Your apache config should look something like this:

# pubcookie apache module
LoadModule pubcookie_module  libexec/apache2/mod_pubcookie.so

# fake basic auth apache module
LoadModule fba_module        libexec/apache2/mod_fba.so

<IfModule mod_pubcookie.c>
    PubcookieGrantingCertFile /path/to/pubcookie_granting.cert
    PubcookieSessionKeyFile /path/to/ssl.key.pem
    PubcookieSessionCertFile /path/to/ssl.crt.pem
    PubcookieLogin https://weblogin.washington.edu/
    PubcookieLoginMethod POST
    PubcookieKeyDir /usr/local/pubcookie/keys/
    PubcookieDomain .washington.edu
    PubcookieAuthTypeNames UWNetID null SecurID

    FakeBasicAuthEnable on
    FakeBasicAuthType UWNetID

    # force relogin to admin section
    <LocationMatch .*/cms/administration.*>
        authtype uwnetid
        require valid-user
        PubcookieSessionCauseReAuth 900
    </LocationMatch>

    # generic pubcookie logout
    # visiting www.dxarts.washington.edu/logout-redirect, will have
    # the following result:
    # - logged out of the application
    # - still logged into the weblogin service
    # - still identified by your uw netid
    # - redirected to the UW logout page
    <LocationMatch .*/logout-redirect.*>
        authtype uwnetid
        require valid-user
        PubcookieEndSession redirect
    </LocationMatch>

    # generic pubcookie logout
    # visiting www.dxarts.washington.edu/logout-clearlogin, will have
    # the following result:
    # - logged out of the application
    # - logged out of the weblogin service
    # - still identified by your uw netid
    # - redirected to the UW logout page
    <LocationMatch .*/logout-clearlogin.*>
        authtype uwnetid
        require valid-user
        PubcookieEndSession clearLogin
    </LocationMatch>
</IfModule>

The logout-redirect LocationMatch directive above is critical if you want the 'logout' link to work properly.

Something went wrong with that request. Please try again.